* Add new configurable bootstrap writers (#2405) This PR adds the ability to configure different backends to use for storing modifications to the zero bootstrap config. The two currently implemented backends allow writing changes to a file or to a Kubernetes secret. Backend selection is determined by the scheme in a URI passed to the flag '--config-writeback-uri'. In a Kubernetes environment, where the bootstrap config is mounted into the pod from a secret, this option allows Pomerium to write changes back to the secret, as writes to the mounted secret file on disk are not persisted. * Use env vars for bootstrap config filepath/writeback uri * linter pass and code cleanup * Add new config writer options mechanism This moves the encryption cipher parameter out of the WriteConfig() method in the ConfigWriter interface and into a new ConfigWriterOptions struct. Options (e.g. cipher) can be applied to an existing ConfigWriter to allow customizing implementation-specific behavior. * Code cleanup/lint fixes * Move vendored k8s code into separate package, and add license header and package comment
// Package cmd implements the pomerium zero command.
package cmd
import (
"context"
"errors"
"fmt"
"os"
"os/signal"
"syscall"
"github.com/rs/zerolog"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/zero/controller"
)
// Run starts the pomerium zero controller and blocks until it returns.
//
// The logger is configured first (from the LOG_LEVEL environment variable),
// then the API token is obtained via getToken(configFile). Without a token
// the command cannot run in managed mode and an error is returned. If a
// bootstrap config path can be determined, it — and, when set, the writeback
// URI — is passed on to the controller; otherwise the problem is logged and
// the controller still runs. The context handed to the controller is
// cancelled when the process receives SIGINT or SIGTERM.
func Run(ctx context.Context, configFile string) error {
	if err := setupLogger(); err != nil {
		return fmt.Errorf("error setting up logger: %w", err)
	}

	token := getToken(configFile)
	if token == "" {
		return errors.New("no token provided")
	}

	opts := make([]controller.Option, 0, 6)
	opts = append(opts,
		controller.WithAPIToken(token),
		controller.WithClusterAPIEndpoint(getClusterAPIEndpoint()),
		controller.WithConnectAPIEndpoint(getConnectAPIEndpoint()),
		controller.WithOTELAPIEndpoint(getOTELAPIEndpoint()),
	)

	switch bootstrapPath, err := getBootstrapConfigFileName(); {
	case err != nil:
		// Not fatal: the controller can still run against the control
		// plane, it just cannot persist the bootstrap config locally.
		log.Ctx(ctx).Error().Err(err).Msg("would not be able to save cluster bootstrap config, that will prevent Pomerium from starting independent from the control plane")
	default:
		log.Ctx(ctx).Info().Str("file", bootstrapPath).Msg("cluster bootstrap config path")
		opts = append(opts, controller.WithBootstrapConfigFileName(bootstrapPath))

		// The writeback URI is only consulted when there is a bootstrap
		// config to write back, so it lives on this branch only.
		uri := getBootstrapConfigWritebackURI()
		if uri != "" {
			log.Ctx(ctx).Debug().Str("uri", uri).Msg("cluster bootstrap config writeback URI")
			opts = append(opts, controller.WithBootstrapConfigWritebackURI(uri))
		}
	}

	return controller.Run(withInterrupt(ctx), opts...)
}
// IsManagedMode reports whether a zero API token is available for
// configFile, i.e. whether Pomerium should start in managed mode using
// this command.
func IsManagedMode(configFile string) bool {
	token := getToken(configFile)
	return len(token) > 0
}
// withInterrupt derives a context from ctx that is cancelled when the
// process receives SIGINT (os.Interrupt) or SIGTERM, or when ctx itself is
// cancelled — whichever happens first. A background goroutine waits for
// that event, logs the signal if there was one, cancels the derived
// context, and then stops relaying signals to its channel.
func withInterrupt(ctx context.Context) context.Context {
	ctx, cancel := context.WithCancel(ctx)

	go func() {
		sigs := make(chan os.Signal, 2)
		// Deferred in this order so that cancel() runs before
		// signal.Stop() on the way out.
		defer signal.Stop(sigs)
		defer cancel()

		signal.Notify(sigs, os.Interrupt, syscall.SIGTERM)

		select {
		case sig := <-sigs:
			log.Ctx(ctx).Info().Str("signal", sig.String()).Msg("quitting...")
		case <-ctx.Done():
		}
	}()

	return ctx
}
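// setupLogger applies the log level named by the LOG_LEVEL environment
// variable, if it is set. An unset variable leaves the current level
// untouched and is not an error.
//
// It returns an error when LOG_LEVEL holds a value zerolog.ParseLevel does
// not recognise. The offending value is included in the error so that the
// "error setting up logger" message produced by Run points at the
// misconfigured setting instead of only at the parser's complaint.
func setupLogger() error {
	rawLvl, ok := os.LookupEnv("LOG_LEVEL")
	if !ok {
		return nil
	}

	lvl, err := zerolog.ParseLevel(rawLvl)
	if err != nil {
		return fmt.Errorf("invalid LOG_LEVEL %q: %w", rawLvl, err)
	}
	log.SetLevel(lvl)
	return nil
}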